
Source code changes of the file "src/manage_sql.c" between
gvmd-21.4.2.tar.gz and gvmd-21.4.3.tar.gz

About: OpenVAS Greenbone Vulnerability Manager is a layer between OpenVAS-Scanner and various client applications such as OpenVAS-Client or Greenbone Security Assistant. Among other features, it adds server-side storage of scan results and makes it unnecessary for scan clients to keep a connection open until a scan finishes.

manage_sql.c  (gvmd-21.4.2):manage_sql.c  (gvmd-21.4.3)
skipping to change at line 418 skipping to change at line 418
/** /**
* @brief Whether a transaction has been opened and not committed yet. * @brief Whether a transaction has been opened and not committed yet.
*/ */
static gboolean in_transaction; static gboolean in_transaction;
/** /**
* @brief Time of reception of the currently processed message. * @brief Time of reception of the currently processed message.
*/ */
static struct timeval last_msg; static struct timeval last_msg;
/**
* @brief The VT verification collation override
*/
static gchar *vt_verification_collation = NULL;
/* GMP commands. */ /* GMP commands. */
/** /**
* @brief The GMP command list. * @brief The GMP command list.
*/ */
command_t gmp_commands[] command_t gmp_commands[]
= {{"AUTHENTICATE", "Authenticate with the manager." }, = {{"AUTHENTICATE", "Authenticate with the manager." },
{"CREATE_ALERT", "Create an alert."}, {"CREATE_ALERT", "Create an alert."},
{"CREATE_ASSET", "Create an asset."}, {"CREATE_ASSET", "Create an asset."},
{"CREATE_CONFIG", "Create a config."}, {"CREATE_CONFIG", "Create a config."},
skipping to change at line 3047 skipping to change at line 3052
{ {
gchar *column; gchar *column;
column = columns_select_column (select_columns, column = columns_select_column (select_columns,
where_columns, where_columns,
keyword->string); keyword->string);
assert (column); assert (column);
g_string_append_printf (order, g_string_append_printf (order,
" ORDER BY CAST (%s AS INTEGER) ASC", " ORDER BY CAST (%s AS INTEGER) ASC",
column); column);
} }
else if (strcmp (keyword->string, "ip") == 0) else if (strcmp (keyword->string, "ip") == 0
|| strcmp (keyword->string, "host") == 0)
{ {
gchar *column; gchar *column;
column = columns_select_column (select_columns, column = columns_select_column (select_columns,
where_columns, where_columns,
keyword->string); keyword->string);
assert (column); assert (column);
g_string_append_printf (order, g_string_append_printf (order,
" ORDER BY order_inet (%s) ASC", " ORDER BY order_inet (%s) ASC",
column); column);
} }
skipping to change at line 3239 skipping to change at line 3245
{ {
gchar *column; gchar *column;
column = columns_select_column (select_columns, column = columns_select_column (select_columns,
where_columns, where_columns,
keyword->string); keyword->string);
assert (column); assert (column);
g_string_append_printf (order, g_string_append_printf (order,
" ORDER BY CAST (%s AS INTEGER) DESC", " ORDER BY CAST (%s AS INTEGER) DESC",
column); column);
} }
else if (strcmp (keyword->string, "ip") == 0) else if (strcmp (keyword->string, "ip") == 0
|| strcmp (keyword->string, "host") == 0)
{ {
gchar *column; gchar *column;
column = columns_select_column (select_columns, column = columns_select_column (select_columns,
where_columns, where_columns,
keyword->string); keyword->string);
assert (column); assert (column);
g_string_append_printf (order, g_string_append_printf (order,
" ORDER BY order_inet (%s) DESC", " ORDER BY order_inet (%s) DESC",
column); column);
} }
skipping to change at line 20967 skipping to change at line 20974
" SET end_time = (SELECT coalesce(min(overrides.end_time), 0)" " SET end_time = (SELECT coalesce(min(overrides.end_time), 0)"
" FROM overrides, results" " FROM overrides, results"
" WHERE overrides.nvt = results.nvt" " WHERE overrides.nvt = results.nvt"
" AND results.report = %llu" " AND results.report = %llu"
" AND overrides.end_time >= m_now ())" " AND overrides.end_time >= m_now ())"
" WHERE report = %llu AND override = 1;", " WHERE report = %llu AND override = 1;",
report, report); report, report);
} }
/** /**
* @brief Add results from an array to a report.
*
* @param[in] report The report to add the results to.
* @param[in] results GArray containing the row ids of the results to add.
*/
void
report_add_results_array (report_t report, GArray *results)
{
GString *array_sql;
int index;
if (report == 0 || results == NULL || results->len == 0)
return;
array_sql = g_string_new ("(");
for (index = 0; index < results->len; index++)
{
result_t result;
result = g_array_index (results, result_t, index);
if (index)
g_string_append (array_sql, ", ");
g_string_append_printf (array_sql, "%llu", result);
}
g_string_append_c (array_sql, ')');
sql ("UPDATE results SET report = %llu,"
" owner = (SELECT reports.owner"
" FROM reports WHERE id = %llu)"
" WHERE id IN %s;",
report, report, array_sql->str);
for (index = 0; index < results->len; index++)
{
result_t result;
result = g_array_index (results, result_t, index);
report_add_result_for_buffer (report, result);
}
sql ("UPDATE report_counts"
" SET end_time = (SELECT coalesce(min(overrides.end_time), 0)"
" FROM overrides, results"
" WHERE overrides.nvt = results.nvt"
" AND results.report = %llu"
" AND overrides.end_time >= m_now ())"
" WHERE report = %llu AND override = 1;",
report, report);
g_string_free (array_sql, TRUE);
}
/**
* @brief Filter columns for report iterator. * @brief Filter columns for report iterator.
*/ */
#define REPORT_ITERATOR_FILTER_COLUMNS \ #define REPORT_ITERATOR_FILTER_COLUMNS \
{ ANON_GET_ITERATOR_FILTER_COLUMNS, "task_id", "name", "date", "status", \ { ANON_GET_ITERATOR_FILTER_COLUMNS, "task_id", "name", "date", "status", \
"task", "severity", "false_positive", "log", "low", "medium", "high", \ "task", "severity", "false_positive", "log", "low", "medium", "high", \
"hosts", "result_hosts", "fp_per_host", "log_per_host", "low_per_host", \ "hosts", "result_hosts", "fp_per_host", "log_per_host", "low_per_host", \
"medium_per_host", "high_per_host", "duration", "duration_per_host", \ "medium_per_host", "high_per_host", "duration", "duration_per_host", \
NULL } NULL }
/** /**
skipping to change at line 26159 skipping to change at line 26219
{ {
if (host_summary_buffer) if (host_summary_buffer)
{ {
char start[200], end[200]; char start[200], end[200];
if (start_iso) if (start_iso)
{ {
struct tm start_tm; struct tm start_tm;
memset (&start_tm, 0, sizeof (struct tm)); memset (&start_tm, 0, sizeof (struct tm));
if (strptime (start_iso, "%FT%H:%M:%S", &start_tm) == NULL) #if !defined(__GLIBC__)
if (strptime (start_iso, "%Y-%m-%dT%H:%M:%S", &start_tm) == NULL)
#else
if (strptime (start_iso, "%FT%H:%M:%S", &start_tm) == NULL)
#endif
{ {
g_warning ("%s: Failed to parse start", __func__); g_warning ("%s: Failed to parse start", __func__);
return; return;
} }
if (strftime (start, 200, "%b %d, %H:%M:%S", &start_tm) == 0) if (strftime (start, 200, "%b %d, %H:%M:%S", &start_tm) == 0)
{ {
g_warning ("%s: Failed to format start", __func__); g_warning ("%s: Failed to format start", __func__);
return; return;
} }
} }
else else
strcpy (start, "(not started)"); strcpy (start, "(not started)");
if (end_iso) if (end_iso)
{ {
struct tm end_tm; struct tm end_tm;
memset (&end_tm, 0, sizeof (struct tm)); memset (&end_tm, 0, sizeof (struct tm));
if (strptime (end_iso, "%FT%H:%M:%S", &end_tm) == NULL) #if !defined(__GLIBC__)
if (strptime (end_iso, "%Y-%m-%dT%H:%M:%S", &end_tm) == NULL)
#else
if (strptime (end_iso, "%FT%H:%M:%S", &end_tm) == NULL)
#endif
{ {
g_warning ("%s: Failed to parse end", __func__); g_warning ("%s: Failed to parse end", __func__);
return; return;
} }
if (strftime (end, 200, "%b %d, %H:%M:%S", &end_tm) == 0) if (strftime (end, 200, "%b %d, %H:%M:%S", &end_tm) == 0)
{ {
g_warning ("%s: Failed to format end", __func__); g_warning ("%s: Failed to format end", __func__);
return; return;
} }
skipping to change at line 28711 skipping to change at line 28779
* @param[in] report_xml Report XML. * @param[in] report_xml Report XML.
*/ */
void void
parse_osp_report (task_t task, report_t report, const char *report_xml) parse_osp_report (task_t task, report_t report, const char *report_xml)
{ {
entity_t entity, child; entity_t entity, child;
entities_t results; entities_t results;
const char *str; const char *str;
char *defs_file = NULL; char *defs_file = NULL;
time_t start_time, end_time; time_t start_time, end_time;
gboolean has_results = FALSE;
GArray *results_array;
assert (task); assert (task);
assert (report); assert (report);
assert (report_xml); assert (report_xml);
if (parse_entity (report_xml, &entity)) if (parse_entity (report_xml, &entity))
{ {
g_warning ("Couldn't parse %s OSP scan report", report_xml); g_warning ("Couldn't parse %s OSP scan report", report_xml);
return; return;
} }
sql_begin_immediate (); sql_begin_immediate ();
/* Set the report's start and end times. */ /* Set the report's start and end times. */
results_array = g_array_new (TRUE, TRUE, sizeof (result_t));
start_time = 0; start_time = 0;
str = entity_attribute (entity, "start_time"); str = entity_attribute (entity, "start_time");
if (str) if (str)
{ {
start_time = atoi (str); start_time = atoi (str);
set_scan_start_time_epoch (report, start_time); set_scan_start_time_epoch (report, start_time);
} }
end_time = 0; end_time = 0;
str = entity_attribute (entity, "end_time"); str = entity_attribute (entity, "end_time");
skipping to change at line 28748 skipping to change at line 28819
} }
/* Insert results. */ /* Insert results. */
child = entity_child (entity, "results"); child = entity_child (entity, "results");
if (!child) if (!child)
{ {
g_warning ("Missing results element in OSP report %s", report_xml); g_warning ("Missing results element in OSP report %s", report_xml);
goto end_parse_osp_report; goto end_parse_osp_report;
} }
results = child->entities; results = child->entities;
if (results)
has_results = TRUE;
defs_file = task_definitions_file (task); defs_file = task_definitions_file (task);
while (results) while (results)
{ {
result_t result; result_t result;
const char *type, *name, *severity, *host, *hostname, *test_id, *port; const char *type, *name, *severity, *host, *hostname, *test_id, *port;
const char *qod, *path; const char *qod, *path;
char *desc = NULL, *nvt_id = NULL, *severity_str = NULL; char *desc = NULL, *nvt_id = NULL, *severity_str = NULL;
entity_t r_entity = results->data; entity_t r_entity = results->data;
int qod_int; int qod_int;
skipping to change at line 28847 skipping to change at line 28921
result = make_osp_result (task, result = make_osp_result (task,
host, host,
hostname, hostname,
nvt_id, nvt_id,
type, type,
desc, desc,
port ?: "", port ?: "",
severity_str ?: severity, severity_str ?: severity,
qod_int, qod_int,
path); path);
report_add_result (report, result); g_array_append_val (results_array, result);
} }
g_free (nvt_id); g_free (nvt_id);
g_free (desc); g_free (desc);
g_free (severity_str); g_free (severity_str);
results = next_entities (results); results = next_entities (results);
} }
if (has_results)
{
report_add_results_array (report, results_array);
}
end_parse_osp_report: end_parse_osp_report:
sql_commit (); sql_commit ();
g_array_free (results_array, TRUE);
g_free (defs_file); g_free (defs_file);
free_entity (entity); free_entity (entity);
} }
/* More task stuff. */ /* More task stuff. */
/** /**
* @brief Return the trend of a task, given counts. * @brief Return the trend of a task, given counts.
* *
* @param[in] holes_a Number of holes on earlier report. * @param[in] holes_a Number of holes on earlier report.
* @param[in] warns_a Number of warnings on earlier report. * @param[in] warns_a Number of warnings on earlier report.
skipping to change at line 31669 skipping to change at line 31749
{ "hosts", NULL, KEYWORD_TYPE_STRING }, \ { "hosts", NULL, KEYWORD_TYPE_STRING }, \
{ "max_hosts (hosts, exclude_hosts)", \ { "max_hosts (hosts, exclude_hosts)", \
"ips", \ "ips", \
KEYWORD_TYPE_INTEGER }, \ KEYWORD_TYPE_INTEGER }, \
{ NULL, NULL, KEYWORD_TYPE_UNKNOWN } \ { NULL, NULL, KEYWORD_TYPE_UNKNOWN } \
} }
/** /**
* @brief Target iterator columns for trash case. * @brief Target iterator columns for trash case.
*/ */
#define TARGET_ITERATOR_TRASH_COLUMNS \ #define TARGET_ITERATOR_TRASH_COLUMNS \
{ \ { \
GET_ITERATOR_COLUMNS (targets_trash), \ GET_ITERATOR_COLUMNS (targets_trash), \
{ "hosts", NULL, KEYWORD_TYPE_STRING }, \ { "hosts", NULL, KEYWORD_TYPE_STRING }, \
{ "target_credential (id, 1, CAST ('ssh' AS text))", \ { "target_credential (id, 1, CAST ('ssh' AS text))", \
NULL, \ NULL, \
KEYWORD_TYPE_INTEGER }, \ KEYWORD_TYPE_INTEGER }, \
{ "target_login_port (id, 1, CAST ('ssh' AS text))", \ { "target_login_port (id, 1, CAST ('ssh' AS text))", \
"ssh_port", \ "ssh_port", \
KEYWORD_TYPE_INTEGER }, \ KEYWORD_TYPE_INTEGER }, \
{ "target_credential (id, 1, CAST ('smb' AS text))", \ { "target_credential (id, 1, CAST ('smb' AS text))", \
NULL, \ NULL, \
KEYWORD_TYPE_INTEGER }, \ KEYWORD_TYPE_INTEGER }, \
{ "port_list", NULL, KEYWORD_TYPE_INTEGER }, \ { "port_list", NULL, KEYWORD_TYPE_INTEGER }, \
{ "trash_target_credential_location (id, CAST ('ssh' AS text))", \ { "trash_target_credential_location (id, CAST ('ssh' AS text))", \
NULL, \ NULL, \
KEYWORD_TYPE_INTEGER }, \ KEYWORD_TYPE_INTEGER }, \
{ "trash_target_credential_location (id, CAST ('smb' AS text))", \ { "trash_target_credential_location (id, CAST ('smb' AS text))", \
NULL, \ NULL, \
KEYWORD_TYPE_INTEGER }, \ KEYWORD_TYPE_INTEGER }, \
{ \ { \
"(CASE" \ "(CASE" \
" WHEN port_list_location = " G_STRINGIFY (LOCATION_TRASH) \ " WHEN port_list_location = " G_STRINGIFY (LOCATION_TRASH) \
" THEN (SELECT uuid FROM port_lists_trash" \ " THEN (SELECT uuid FROM port_lists_trash" \
" WHERE port_lists_trash.id = port_list)" \ " WHERE port_lists_trash.id = port_list)" \
" ELSE (SELECT uuid FROM port_lists" \ " ELSE (SELECT uuid FROM port_lists" \
" WHERE port_lists.id = port_list)" \ " WHERE port_lists.id = port_list)" \
" END)", \ " END)", \
NULL, \ NULL, \
KEYWORD_TYPE_STRING \ KEYWORD_TYPE_STRING \
}, \ }, \
{ \ { \
"(CASE" \ "(CASE" \
" WHEN port_list_location = " G_STRINGIFY (LOCATION_TRASH) \ " WHEN port_list_location = " G_STRINGIFY (LOCATION_TRASH) \
" THEN (SELECT name FROM port_lists_trash" \ " THEN (SELECT name FROM port_lists_trash" \
" WHERE port_lists_trash.id = port_list)" \ " WHERE port_lists_trash.id = port_list)" \
" ELSE (SELECT name FROM port_lists" \ " ELSE (SELECT name FROM port_lists" \
" WHERE port_lists.id = port_list)" \ " WHERE port_lists.id = port_list)" \
" END)", \ " END)", \
NULL, \ NULL, \
KEYWORD_TYPE_STRING \ KEYWORD_TYPE_STRING \
}, \ }, \
{ "port_list_location = " G_STRINGIFY (LOCATION_TRASH), \ { "port_list_location = " G_STRINGIFY (LOCATION_TRASH), \
NULL, \ NULL, \
KEYWORD_TYPE_STRING }, \ KEYWORD_TYPE_STRING }, \
{ "exclude_hosts", NULL, KEYWORD_TYPE_STRING }, \ { "exclude_hosts", NULL, KEYWORD_TYPE_STRING }, \
{ "reverse_lookup_only", NULL, KEYWORD_TYPE_INTEGER }, \ { "reverse_lookup_only", NULL, KEYWORD_TYPE_INTEGER }, \
{ "reverse_lookup_unify", NULL, KEYWORD_TYPE_INTEGER }, \ { "reverse_lookup_unify", NULL, KEYWORD_TYPE_INTEGER }, \
{ "alive_test", NULL, KEYWORD_TYPE_INTEGER }, \ { "alive_test", NULL, KEYWORD_TYPE_INTEGER }, \
{ "target_credential (id, 1, CAST ('esxi' AS text))", \ { "target_credential (id, 1, CAST ('esxi' AS text))", \
NULL, \ NULL, \
KEYWORD_TYPE_INTEGER }, \ KEYWORD_TYPE_INTEGER }, \
{ "trash_target_credential_location (id, CAST ('esxi' AS text))",\ { "trash_target_credential_location (id, CAST ('esxi' AS text))", \
NULL, \ NULL, \
KEYWORD_TYPE_INTEGER }, \ KEYWORD_TYPE_INTEGER }, \
{ "target_credential (id, 1, CAST ('snmp' AS text))", \ { "target_credential (id, 1, CAST ('snmp' AS text))", \
NULL, \ NULL, \
KEYWORD_TYPE_INTEGER }, \ KEYWORD_TYPE_INTEGER }, \
{ "trash_target_credential_location (id, CAST ('snmp' AS text))",\ { "trash_target_credential_location (id, CAST ('snmp' AS text))", \
NULL, \ NULL, \
KEYWORD_TYPE_INTEGER }, \ KEYWORD_TYPE_INTEGER }, \
{ "allow_simultaneous_ips", \ { "target_credential (id, 1, CAST ('elevate' AS text))", \
NULL, \ NULL, \
KEYWORD_TYPE_INTEGER }, \ KEYWORD_TYPE_INTEGER }, \
{ NULL, NULL, KEYWORD_TYPE_UNKNOWN } \ { "trash_target_credential_location (id, CAST ('elevate' AS text))", \
NULL, \
KEYWORD_TYPE_INTEGER }, \
{ "allow_simultaneous_ips", \
NULL, \
KEYWORD_TYPE_INTEGER }, \
{ NULL, NULL, KEYWORD_TYPE_UNKNOWN } \
} }
/** /**
* @brief Count number of targets. * @brief Count number of targets.
* *
* @param[in] get GET params. * @param[in] get GET params.
* *
* @return Total number of targets in filtered set. * @return Total number of targets in filtered set.
*/ */
int int
skipping to change at line 43696 skipping to change at line 43782
&subject); &subject);
free (new_name); free (new_name);
if (ret) if (ret)
{ {
free (new_resource_type); free (new_resource_type);
free (new_resource_id); free (new_resource_id);
free (existing_subject_type); free (existing_subject_type);
free (new_subject_id); free (new_subject_id);
g_free (subject_where_old);
sql_rollback (); sql_rollback ();
return ret; return ret;
} }
subject_where_new = subject_where_clause (new_subject_type subject_where_new = subject_where_clause (new_subject_type
? new_subject_type ? new_subject_type
: subject_type, : subject_type,
subject); subject);
if (strcmp (subject_where_new, subject_where_old)) if (strcmp (subject_where_new, subject_where_old))
skipping to change at line 43747 skipping to change at line 43834
} }
/* Modify the permission. */ /* Modify the permission. */
assert (subject); assert (subject);
assert ((resource_id == new_resource_id) assert ((resource_id == new_resource_id)
|| (resource_id == resource_id_arg) || (resource_id == resource_id_arg)
|| (resource_id == NULL)); || (resource_id == NULL));
quoted_name = sql_quote (name); quoted_name = sql_quote (name);
g_free (name);
sql ("UPDATE permissions SET" sql ("UPDATE permissions SET"
" name = '%s'," " name = '%s',"
" resource_type = '%s'," " resource_type = '%s',"
" resource_uuid = '%s'," " resource_uuid = '%s',"
" resource = %llu," " resource = %llu,"
" resource_location = " G_STRINGIFY (LOCATION_TABLE) "," " resource_location = " G_STRINGIFY (LOCATION_TABLE) ","
" subject_type = '%s'," " subject_type = '%s',"
" subject = %llu," " subject = %llu,"
" modification_time = m_now ()" " modification_time = m_now ()"
skipping to change at line 43831 skipping to change at line 43917
reports = NULL; reports = NULL;
} }
/* Cleanup. */ /* Cleanup. */
g_free (quoted_name); g_free (quoted_name);
free (new_resource_type); free (new_resource_type);
free (new_resource_id); free (new_resource_id);
free (existing_subject_type); free (existing_subject_type);
free (new_subject_id); free (new_subject_id);
g_free (name);
free (old_name); free (old_name);
free (old_resource_type); free (old_resource_type);
g_free (subject_where); g_free (subject_where);
sql_commit (); sql_commit ();
return 0; return 0;
} }
/**
* @brief Add role permissions to feed objects according to the
* 'Feed Import Roles' setting.
*
* @param[in] type The object type, e.g. report_format.
* @param[in] type_cap Capitalized type, e.g. "Report Format"
* @param[out] permission_count Number of permissions added.
* @param[out] object_count Number of data objects affected.
*/
static void
add_feed_role_permissions (const char *type,
const char *type_cap,
int *permission_count,
int *object_count)
{
char *roles_str;
gchar **roles;
iterator_t resources;
roles_str = NULL;
setting_value (SETTING_UUID_FEED_IMPORT_ROLES, &roles_str);
if (roles_str == NULL || strlen (roles_str) == 0)
{
g_message ("%s: No feed import roles defined", __func__);
g_free (roles_str);
return;
}
roles = g_strsplit (roles_str, ",", 0);
free (roles_str);
init_iterator (&resources,
"SELECT id, uuid, name, owner FROM %ss"
" WHERE predefined = 1",
type);
while (next (&resources))
{
gboolean added_permission = FALSE;
resource_t permission_resource = iterator_int64 (&resources, 0);
const char *permission_resource_id = iterator_string (&resources, 1);
const char *permission_resource_name = iterator_string (&resources, 2);
user_t owner = iterator_int64 (&resources, 3);
gchar **role = roles;
while (*role)
{
char *role_name = NULL;
resource_name ("role", *role, LOCATION_TABLE, &role_name);
if (sql_int ("SELECT count(*) FROM permissions"
" WHERE name = 'get_%ss'"
" AND subject_type = 'role'"
" AND subject"
" = (SELECT id FROM roles WHERE uuid='%s')"
" AND resource = %llu",
type,
*role,
permission_resource))
{
g_debug ("Role %s (%s) already has read permission"
" for %s %s (%s).",
role_name,
*role,
type_cap,
permission_resource_name,
permission_resource_id);
}
else
{
gchar *permission_name;
g_info ("Creating read permission for role %s (%s)"
" on %s %s (%s).",
role_name,
*role,
type_cap,
permission_resource_name,
permission_resource_id);
added_permission = TRUE;
if (permission_count)
*permission_count = *permission_count + 1;
permission_name = g_strdup_printf ("get_%ss", type);
current_credentials.uuid = user_uuid (owner);
switch (create_permission_internal
(0,
permission_name,
"Automatically created by"
" --optimize",
type,
permission_resource_id,
"role",
*role,
NULL))
{
case 0:
// success
break;
case 2:
g_warning ("%s: failed to find role %s for permission",
__func__, *role);
break;
case 3:
g_warning ("%s: failed to find %s %s for permission",
__func__, type_cap, permission_resource_id);
break;
case 5:
g_warning ("%s: error in resource when creating permission"
" for %s %s",
__func__, type_cap, permission_resource_id);
break;
case 6:
g_warning ("%s: error in subject (Role %s)",
__func__, *role);
break;
case 7:
g_warning ("%s: error in name %s",
__func__, permission_name);
break;
case 8:
g_warning ("%s: permission on permission", __func__);
break;
case 9:
g_warning ("%s: permission %s does not accept resource",
__func__, permission_name);
break;
case 99:
g_warning ("%s: permission denied to create %s permission"
" for role %s on %s %s",
__func__, permission_name, *role, type_cap,
permission_resource_id);
break;
default:
g_warning ("%s: internal error creating %s permission"
" for role %s on %s %s",
__func__, permission_name, *role, type_cap,
permission_resource_id);
break;
}
free (current_credentials.uuid);
current_credentials.uuid = NULL;
}
free (role_name);
role ++;
}
if (object_count && added_permission)
*object_count = *object_count + 1;
}
cleanup_iterator (&resources);
g_strfreev (roles);
return;
}
/**
* @brief Delete permissions to feed objects for roles that are not set
* in the 'Feed Import Roles' setting.
*
* @param[in] type The object type, e.g. report_format.
* @param[in] type_cap Capitalized type, e.g. "Report Format"
* @param[out] permission_count Number of permissions added.
* @param[out] object_count Number of data objects affected.
*/
static void
clean_feed_role_permissions (const char *type,
const char *type_cap,
int *permission_count,
int *object_count)
{
char *roles_str;
gchar **roles, **role;
GString *sql_roles;
iterator_t resources;
roles_str = NULL;
setting_value (SETTING_UUID_FEED_IMPORT_ROLES, &roles_str);
if (roles_str == NULL || strlen (roles_str) == 0)
{
g_message ("%s: No feed import roles defined", __func__);
g_free (roles_str);
return;
}
sql_roles = g_string_new ("(");
if (roles_str)
{
roles = g_strsplit (roles_str, ",", 0);
role = roles;
while (*role)
{
gchar *quoted_role = sql_insert (*role);
g_string_append (sql_roles, quoted_role);
role ++;
if (*role)
g_string_append (sql_roles, ", ");
}
}
g_string_append (sql_roles, ")");
g_debug ("%s: Keeping permissions for roles %s\n", __func__, sql_roles->str);
init_iterator (&resources,
"SELECT id, uuid, name FROM %ss"
" WHERE predefined = 1",
type);
while (next (&resources))
{
gboolean removed_permission = FALSE;
resource_t permission_resource = iterator_int64 (&resources, 0);
const char *permission_resource_id = iterator_string (&resources, 1);
const char *permission_resource_name = iterator_string (&resources, 2);
iterator_t permissions;
init_iterator (&permissions,
"DELETE FROM permissions"
" WHERE name = 'get_%ss'"
" AND resource = %llu"
" AND subject_type = 'role'"
" AND subject NOT IN"
" (SELECT id FROM roles WHERE uuid IN %s)"
" RETURNING"
" (SELECT uuid FROM roles WHERE id = subject),"
" (SELECT name FROM roles WHERE id = subject)",
type,
permission_resource,
sql_roles->str);
while (next (&permissions))
{
const char *role_id = iterator_string (&permissions, 0);
const char *role_name = iterator_string (&permissions, 1);
g_info ("Removed permission on %s %s (%s) for role %s (%s)",
type_cap,
permission_resource_name,
permission_resource_id,
role_name,
role_id);
if (permission_count)
*permission_count = *permission_count + 1;
removed_permission = TRUE;
}
if (object_count && removed_permission)
*object_count = *object_count + 1;
}
cleanup_iterator (&resources);
g_strfreev (roles);
return;
}
/* Roles. */ /* Roles. */
/** /**
* @brief List roles. * @brief List roles.
* *
* @param[in] log_config Log configuration. * @param[in] log_config Log configuration.
* @param[in] database Location of manage database. * @param[in] database Location of manage database.
* @param[in] verbose Whether to print UUID. * @param[in] verbose Whether to print UUID.
* *
* @return 0 success, -1 error. * @return 0 success, -1 error.
skipping to change at line 55433 skipping to change at line 55784
(old_size - new_size) (old_size - new_size)
* 100.0 / old_size); * 100.0 / old_size);
else else
success_text = g_strdup_printf ("Optimized: vacuum." success_text = g_strdup_printf ("Optimized: vacuum."
" Database file size *increased* by" " Database file size *increased* by"
" %llu MiB (%0.1f %%).\n", " %llu MiB (%0.1f %%).\n",
(new_size - old_size) / (1024 * 1024), (new_size - old_size) / (1024 * 1024),
(new_size - old_size) (new_size - old_size)
* 100.0 / old_size); * 100.0 / old_size);
} }
else if (strcasecmp (name, "add-feed-permissions") == 0)
{
int permissions_count, object_count;
permissions_count = 0;
object_count = 0;
sql_begin_immediate ();
add_feed_role_permissions ("config",
"Scan Config / Policy",
&permissions_count,
&object_count);
add_feed_role_permissions ("port_list",
"Port List",
&permissions_count,
&object_count);
add_feed_role_permissions ("report_format",
"Report Format",
&permissions_count,
&object_count);
sql_commit ();
success_text = g_strdup_printf ("Optimized: add-feed-permissions."
" Added %d permissions"
" for %d data objects.",
permissions_count,
object_count);
}
else if (strcasecmp (name, "analyze") == 0) else if (strcasecmp (name, "analyze") == 0)
{ {
sql ("ANALYZE;"); sql ("ANALYZE;");
success_text = g_strdup_printf ("Optimized: analyze."); success_text = g_strdup_printf ("Optimized: analyze.");
} }
else if (strcasecmp (name, "cleanup-config-prefs") == 0) else if (strcasecmp (name, "cleanup-config-prefs") == 0)
{ {
int removed, fixed_values; int removed, fixed_values;
sql ("DELETE FROM config_preferences WHERE id NOT IN" sql ("DELETE FROM config_preferences WHERE id NOT IN"
" (SELECT min(id) FROM config_preferences" " (SELECT min(id) FROM config_preferences"
skipping to change at line 55458 skipping to change at line 55834
" WHERE name='scanner_plugins_timeout')" " WHERE name='scanner_plugins_timeout')"
" WHERE name = 'scanner_plugins_timeout'" " WHERE name = 'scanner_plugins_timeout'"
" AND value = 'SCANNER_NVT_TIMEOUT';"); " AND value = 'SCANNER_NVT_TIMEOUT';");
fixed_values = sql_changes(); fixed_values = sql_changes();
success_text = g_strdup_printf ("Optimized: cleanup-config-prefs." success_text = g_strdup_printf ("Optimized: cleanup-config-prefs."
" Duplicate config preferences removed:" " Duplicate config preferences removed:"
" %d. Corrected preference values: %d", " %d. Corrected preference values: %d",
removed, fixed_values); removed, fixed_values);
} }
else if (strcasecmp (name, "cleanup-feed-permissions") == 0)
{
int permissions_count, object_count;
permissions_count = 0;
object_count = 0;
sql_begin_immediate ();
clean_feed_role_permissions ("config",
"Scan Config / Policy",
&permissions_count,
&object_count);
clean_feed_role_permissions ("port_list",
"Port List",
&permissions_count,
&object_count);
clean_feed_role_permissions ("report_format",
"Report Format",
&permissions_count,
&object_count);
sql_commit ();
success_text = g_strdup_printf ("Optimized: cleanup-feed-permissions."
" Removed %d permissions"
" for %d data objects.",
permissions_count,
object_count);
}
else if (strcasecmp (name, "cleanup-port-names") == 0) else if (strcasecmp (name, "cleanup-port-names") == 0)
{ {
int changes_iana, changes_old_format; int changes_iana, changes_old_format;
sql_begin_immediate (); sql_begin_immediate ();
sql ("UPDATE results" sql ("UPDATE results"
" SET port = substr (port, 1," " SET port = substr (port, 1,"
" strpos (port, ' (IANA:') - 1)" " strpos (port, ' (IANA:') - 1)"
" WHERE port LIKE '% (IANA:%';"); " WHERE port LIKE '% (IANA:%';");
changes_iana = sql_changes(); changes_iana = sql_changes();
skipping to change at line 55716 skipping to change at line 56117
* @brief Cancels the current SQL statement. * @brief Cancels the current SQL statement.
* *
* @return 0 on success, -1 on error. * @return 0 on success, -1 on error.
*/ */
int int
sql_cancel () sql_cancel ()
{ {
g_debug ("%s: cancelling current SQL statement", __func__); g_debug ("%s: cancelling current SQL statement", __func__);
return sql_cancel_internal (); return sql_cancel_internal ();
} }
/**
* @brief Get the VT verification collation override.
*
* @return The collation or NULL for automatic.
*/
const char *
get_vt_verification_collation ()
{
return vt_verification_collation;
}
/**
* @brief Sets the VT verification collation override.
*
* This must be done before the SQL functions are created to be effective.
*
* @param[in] new_collation The new collation.
*/
void
set_vt_verification_collation (const char *new_collation)
{
g_free (vt_verification_collation);
if (new_collation && strcmp (new_collation, ""))
vt_verification_collation = g_strdup(new_collation);
else
vt_verification_collation = NULL;
}
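Review bot: In `add_feed_role_permissions`, each role UUID split out of the 'Feed Import Roles' setting is interpolated into the `sql_int` query (`WHERE uuid='%s'`) without quoting, whereas `clean_feed_role_permissions` passes the same values through `sql_insert` before building its `IN` list. Whether that setting is validated as a UUID list when it is stored is not visible on this page, so the query should not depend on it: quote per role with `gchar *quoted_role = sql_quote (*role);`, pass `quoted_role` to `sql_int`, and `g_free (quoted_role);` before `role ++`. The same change block also leaks in `clean_feed_role_permissions`: the inner `permissions` iterator is never released with `cleanup_iterator (&permissions);`, and `quoted_role`, `sql_roles` and `roles_str` are never freed. `permission_name` in `add_feed_role_permissions` is likewise allocated with `g_strdup_printf` and not freed.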
 End of changes. 20 change blocks. 
71 lines changed or deleted 472 lines changed or added
